It's Facebook. Is it reasonable to expect complete privacy with any part of it? Email at least has some expectation of privacy, but even there, the big providers scan your email for targeted advertising.

I really don't think a reasonable person expects a lot of "privacy" at Facebook, certainly "private messages" are only private from other users, not Facebook bots...

This is never the correct response, ever. The "you are free to walk away" assumes you can somehow mitigate the need to occasionally talk to retards who are determined to use facebook, privacy and logic be damned.

You can take yourself outside of the stupid system, but you can't take the stupid out of the system.

This is never the correct response, ever. The "you are free to walk away" assumes you can somehow mitigate the need to occasionally talk to retards who are determined to use facebook, privacy and logic be damned.

You can take yourself outside of the stupid system, but you can't take the stupid out of the system.

That need is mitigated just fine by use of phone, text, email, snail mail, face-to-face contact, etc... "You are free to walk away" is the ONLY correct response, and if enough users would walk away, Facebook would be forced to stop the crap. The problem is that not enough users give a shit about their privacy.

Facebook is in the business of selling your information. If you don't like that, you should use a different communication mechanism.

The practical problem with that is that the 'field of dreams' of the internet, which was supposed to foster a competitive environment for the most valuable and innovative services, has been militarized by the NSA. When the NSA has Google/gmail and Facebook onboard it's PRISM program, and through years of disinformation, those services have weaseled their way into ubiquity, the opportunity for alternatives to flourish is suppressed. Look at the way ISPs filter smtp or ban servers against residential connecti

Actually, facebook's protocols should have been open by now. What if the first telephone company ever (AT&T?) didn't open up their protocols? Would that be acceptable? Answer: No. What if e-mail was a closed protocol run by google? Would that be acceptable? Answer: No.

So why are facebook's protocols open (a mass communication service like the others)?

I am pretty sure that google will begin just what you describe if Facebook wins this lawsuit.

I'm quite sure that Google will not, and I work for Google (though I don't speak for Google -- these are my own opinions, not any kind of official statement). Two reasons:

First, though it's contrary to the/. groupthink, because Google actually cares quite a lot about user privacy. Even if the people who work for Google didn't care themselves (and, they generally do, a lot), there's the FTC consent decree that means Google has to step very, very cautiously around privacy issues. Of course, Google does collect a lot of information about users, to target ads as well as (increasingly) to deliver personalized services like Google Now, but that data stays within Google, and Google guards it carefully.

Second, because even if privacy weren't a concern, Google is quite certain that advertisers wouldn't be able to utilize/monetize user data nearly as effectively as Google can. Google believes that its algorithmic, big-data approach can target advertising more effectively than the advertisers could do, and therefore Google can make more money by providing interested eyeballs to advertisers than it could make by providing data to advertisers so they could go get their own eyeballs. Add to that the high probability that the advertisers would act obnoxiously to Google's users in attempting to advertise to them, thereby damaging Google.

IMO, Google would be stupid to sell user data, and (also IMNSHO) Google is not stupid.

Lol, are you joking. YouTube, trying very hard to force users to use their real name, then trying to ram Google-Plus down everyone's throat. These services give out masses of information and you have to turn off the annoyances of things like gmails 'available' for chat. I can't even comment on my own videos because of where I told them to shove google-pus.

YouTube in no way requires you to use your real name. You're free to create a "page", which is an identity which can be named anything you like (within some policies, I suppose), and you can use that as your YouTube identity. Completely pseudonymous. You can even create several if you like to use sockpuppets; toggling between identity takes two clicks.

trying to ram Google-Plus down everyone's throat

Which is something you don't like, I get that, but it doesn't affect privacy.

These services give out masses of information

No, they don't. They don't give any information that you don't choose to share, to anyone (other than Google).

you have to turn off the annoyances of things like gmails 'available' for chat

Only for people you've invited to be able to see that you're available. Prior to the new Hangouts chat system, you had to specifically invite every individual (or accept an invitation from them). With the new system, you have to circle them before they can see you.

I can't even comment on my own videos because of where I told them to shove google-plus.

I don't get this concern. You post comments publicly on YouTube -- publicly! -- for the whole world to see and read, and then feel it's an invasion of privacy that they also show up at a different URL? Actually, they show up at several different URLs, because the comments get indexed for search, too, and not just by Google. You can find your YouTube comments with Bing, Yahoo, DuckDuckGo, etc. Public is public, especially on the Internet.

Now, if you don't want stuff to be available all over the web, the G+/YouTube integration actually gives you more control, because you can restrict your comments to being visible only to your circles, or to specific people that you identify. That integration increased YouTube users' privacy options.

But regardless of all that, if you don't want to use G+, don't use it. Just use YouTube's new comment system and ignore G+. And use a pseudonym if you prefer. Or use a different service if you dislike Google's stuff. Google makes it easy to take your data and walk away, and to tell Google to delete everything it knows about you.

I don't see anywhere in the complaint saying Facebook is selling or providing the data to third parties. The complaint isn't even really that they're doing this, just that they're doing it specifically with "private" messages.

There are slight differences. Google is aware of everything you do and has a basic understanding of who you are through the associations you've made with them. They take their understanding of you and translate it into valuable tailored services with a side-order of targeted advertisements.

Facebook on the other hand has a less precise awareness of everything you do and has a poor to mediocre understanding of who you are through associations you've made with them. They take their understanding of you, tai

Lucky for you, you get it! Google does the same thing, those ads you see aren't a coincidence. The last time I saw an ad on GMail (before I used ad-block), every time the girlfriend talked about marriage in emails all the damn ads were engagement rings and wedding supplies. That wasn't a lucky guess on Google's behalf.

Google doesn't do the same thing. If you see ads about wedding stuff after getting e-mails about weddings, it's because the ads are being served by Google. Google doesn't sell your data, but Google does use your data to decide what ads might be useful to you. You probably saw those ads all over the web, not just on Google properties, but that's because sites all over the web display Google ads. But Google serves the ads, and the sites don't know what's being served, and the advertisers don't know who it's being served to.

I guess the point of the poster was that his private e-mails gets datamined by Gmail, for the purpose of serving ads. The fact that the ad was served by Google itself, or by a third-party, is quite irrelevant for the user experience.

Well, in a conversation about privacy, it really is relevant. If Google is the one who has all the information but never releases it to outside entities, they're doing something that is some degree less problematic for privacy than a company like Facebook that is giving the user data to any outside entity that is willing to pay. How significant that degree is would be debatable, but it's clearly a substantially different action each organization takes.

If i send a private message to someone on facebook, I feel I deserve the same level of privacy as if I was using gmail to send it.

I realize this is sarcasm. What bugs me about gmail is not the message I send or receive to my g-mail account. I know those are mined. What bugs me is when I send e-mail to other people and they happen to use g-mail. Often their use of G-mail isn't obvious since they use their g-mail to collect forwarded e-mail or hosted URLs. Othertimes it might be a list server in which the e-mails of the recipients are not exposed even though you know the people. They might even forward the e-mail to someone who ha

While I don't mind my freinds sharing my e-mails, I do mind the un-asked association of my provate thoughts with my non-google e-mail address by google.

That chaps my ass because you just can't escape the pan optic glare of the all seeing eye of google. Nothing escapes if you want to communicate with others by e-mail.

In contrast I don't really mind facebook quite as much, at least right now. Facebook is the nude beach. If you go there you are expected to have your trousers down and should know that by now. Google is the like having the TSA body scanners in every doorway on the planet. The google oogle is a prying peeping tom, not simply the owner of the nude beach.

Of course, facebook is trying hard to be as ubiquitous as google. Nearly every web page I go to, Ghostery warns me that facebook just tried to plant a tr

Not that you should immediately ditch it, perhaps, but be aware that Ghostery is now owned by a marketing firm.

Your image of FB as a nude beach where one goes voluntarily and with realistic expectation of, um, privacy... Is an interesting one, but not entirely complete. I have no control over what my friends post, which may include images of me or mentions of my name. FB is reported too keep profiles of non-members, you know.

Both FB and Google are extremely difficult to avoid entirely, short of excommunicat

Ghostery says their business model is tracking how effectively penetrating the trackers are and, ironically, selling that info back to the tracker companies to improve their tracking. In some sense they are dependent on most people not using their tracker blocking service-- it's a sampling device for them. They say they don't market information about your browsing habits. I have wondered if they also sell the ability to let some trackers penetrate their veil, but I suspect that's too small a market to i

Google is the like having the TSA body scanners in every doorway on the planet.

http://www.google.com/privacy/tools

Scroll to the bottom and you can turn off the body scanners. Personally, I go the other way and enable Google to track 100% of my web browsing history, because it's useful to me to have that tracked and available (now, where was that page I saw three days ago?), and I don't have any concerns about what Google is going to do with the data (show me ads I actually might care about! Oh noes! I want to see Tampax ads, not Canon! (Actually, I don't want to see Canon ads any mo

Well, that's the point - it's not just Facebook bots that are privy to the information but advertisers as well. Is it still "privacy" then?

You're mistaken, and this lawsuit is most likely going to be dismissed because the plaintiff has a factual misunderstanding of what they do.

FB doesn't actually give contents of anything of yours to anybody else. Here's how they offer to advertisers: You basically "tag" your ad with various key words to target or avoid, these can be formally declared items (such as setting your hometown, date of birth, etc.) or simply key words scraped out of comments, chat, wall posts, etc.They can get aggregate stats on ho

Facebook chat can be accessed via XMPP. So use a good IM client like Pidgin [pidgin.im] with the OTR plugin [cypherpunks.ca] and you have nice, encrypted chats via FB. I use it daily, and it works great.

It's Facebook. Is it reasonable to expect complete privacy with any part of it? Email at least has some expectation of privacy, but even there, the big providers scan your email for targeted advertising.

I really don't think a reasonable person expects a lot of "privacy" at Facebook, certainly "private messages" are only private from other users, not Facebook bots...

If a message is stated as "Private" it should be treated entirely as private. I think that implication would hold up in any court as a reasonable expectation, regardless of how Facebook mines Public or Shared content. Dangerous precedent otherwise.

It's Facebook. Is it reasonable to expect complete privacy with any part of it? Email at least has some expectation of privacy, but even there, the big providers scan your email for targeted advertising.

I really don't think a reasonable person expects a lot of "privacy" at Facebook, certainly "private messages" are only private from other users, not Facebook bots...

If a message is stated as "Private" it should be treated entirely as private. I think that implication would hold up in any court as a reasonable expectation, regardless of how Facebook mines Public or Shared content. Dangerous precedent otherwise.

Facebook doesn't have "Private Messages" -- they just have "Messages". So this debate is moot.

If a message is stated as "Private" it should be treated entirely as private.

Do you feel the same way about all the major "free" email providers? Because you know that ALL of them scan your "private" email, distil and save key words and other meta data and... *sell* that information to third parties, right?

People seem to miss that "Facebook Messaging" is by itself just populating records in their database for every line you type unless somebody was ever told differently. It's clearly not an encrypted-point-to-point protocol like Apple's (assuming of course that's true of Apple's system, but Apple says Apple can't decrypt messages...) but at least not plain-text like SMS and email.

For Facebook "private" just means your comments in their database get marked as "not readable to everybody else" not "private" as

If you were referring to messages publicly posted, of course people should not expect that to be private. If the same company provides a "PRIVATE message service" there absolutely is an expectation of privacy, it's in the name for pity sake.

I am not gullible enough, and neither should anyone be, to believe that wording is always correct. "Workers Rights" laws for example are not really "workers rights" for example. That said, I can read the laws to see how they will be used. I can't do the same thing wi

Only in a world where it being in a TOS automatically makes it legal and unchallengeable, which this is only if you are an idiot.
Not saying this is one of those times, but whether they win or lose is not based on it being in the TOS, but it being in there + either FB being able to prove it is legal, or the plaintiffs being able to argue its illegality. TOses, contracts, have been deemed either in whole or in part illegal/void before.

it's Facebook's PRIVATE data servers and PRIVATE application... you entirely follow their private little rules. Nowhere are you ever in the "public network". This is just like how Comcast and AT&T mine all the URLs you type while their DNS resolves them and send you ads. You have no recourse because those HTTP requests travel on their PRIVATE wires before going to the "internet".

You are responsible for your own privacy. When Facebook or Google mine your data ('you are the product' as people say), you have nothing to fall back on. It's in their ToS which most people agree with because they just HAVE to see their 3rd cousin's dancing cat videos.

They are doing something about it. They are trying to sue Facebook. Do you think it's OK to call a message private in the user interface and then tell people in a wall of text which nobody reads that private messages are not actually private?

The false equivalence between parties when a person and a big company enter into a so-called mutually binding contract is one of the more ridiculous myths of our present-day culture. It's something an alien culture would look at and say, "really? You all agreed to play along with that pretense?" As if an individual could ever have the time to read, and the training to understand, dozens of pages of legalize for every basic function in society such as making a purchase or looking at a web page, countless

You are responsible for your own privacy. When Facebook or Google mine your data ('you are the product' as people say), you have nothing to fall back on. It's in their ToS which most people agree with because they just HAVE to see their 3rd cousin's dancing cat videos.
Bitching is easy, doing something about it is harder.

Actually, filing a class action lawsuit is doing something.

If a suit at least forces facebook and others to be more clear about what "private" means, that's something. It would help people to make more informed decisions if fb posted something like: "By 'private' we mean we won't intentionally share your message with other individual members until the next ToS change, but the contents are still fair game for us and our advertisers."

Sure, everyone should know that "private" isn't private any more than a "lifetime warranty" last your whole life. And I'm sure that fb has buried something deep in the ToS. But if they're not doing anything wrong -- and they aren't according to the "contract" you have to accept in toto (or Scooby Doo, or whatever) to use the service -- they shouldn't have any problem making their policies more explicit. Nothing to hide, so to speak.

Well, intentionally re-defining a commonly understood word to mean something completely opposite and then hiding behind a TOS and EULA is pretty scummy. I have no problem with them trying to make money. I do have a problem with it when the obfuscate how they're doing it. Hiding behind the TOS is them admitting that they know they're wrong and trying to trick people, otherwise they wouldn't be hiding. I don't think it's unreasonable to ask that they just be open and honest about how they're going to work.

When Facebook or Google mine your data ('you are the product' as people say), you have nothing to fall back on. It's in their ToS

Only in some corporatist's wet dreams are corporations above the law. Whatever it may say on a ToS that they've pulled out of their asses, it does not change the facts one iota. The ToS cannot override the law of the land.

There is no means by which a person can sell themselves into slavery to a company by clicking on a web page. And by the same token, a company cannot decide th

You are responsible for your own privacy. When Facebook or Google mine your data ('you are the product' as people say), you have nothing to fall back on.

Except this is not remotely true; it shows a astonishing naivete (I suspect subterfuge). With Google you are not the product...tailored (automated) advertising is. Ironically with Facebook although I find the claim somewhat astonishing (for business reasons; you can only sell data once)...is your private data is being sold to anyone with cash...your *private life* is the product. The difference between the two is enormous.

What is even more scary about social networks including Googles is individuals can be

> With Google you are not the product...tailored (automated) advertising is.

False. With google, the *delivery* of tailored automated advertising is the product (well, service). The customer is the advertiser. What are we? I guess we're the lab-rats, being tested for the effectiveness of the product? Which is so much better than being the "product".

While people using Facebook aren't necessarily paying customer, they are users of the service. Without users Facebook has no point of existing and therefore has no need of sponsors. For this reason we are using a service provided to us and in doing so there are expectations of fair treatment. Even cattle have certain rights.

Brushing users off as 'non-paying customers' is a port excuse, since they are both users and customer of the service. If we don't 'like' as sponsor's message, then they can't ask for a exchange of fees from the sponsor.

You didn't read what I said. Without the users they have zero value of what they have to offer the advertisers. Also people should have legal rights with what they should expect from a service and what can and can't be done. In Europe this is certainly the case.

So what if I want to be a paying customer instead? Are they any social network providers that charge for service rather than selling us down the river to advertisers? How about a search engine? An email provider? Where are these alternatives that would let us tell advertisers to go screw themselves?

According to mister Goebbels, a lot of the recent problems of the USA could probably be solved by having a friendly discussion with dictionary editors, about that incorrect definition of the word "privacy"

The complaint makes a key point. Facebook lied in their privacy policy. See page 19 of the complaint,
"Facebook Fails to Disclose That Its Private Message Processes Read, Acquire, and Use Private Message Content, in Violation of Its Express Agreements With Facebook Users." This looks like a clear ECPA violation.

I'm not so sure. They clearly state that they receive messages in the "information we receive about you" section, and then clearly state that they use the information that they receive to "measure or understand the effectiveness of ads you and others see, including to deliver relevant ads to you"

It starts off like this:
"At Facebook, we believe that ads should contribute to and be consistent with the overall user experience. The best ads are those that are tailored to individuals based on how they and their friends interact and affiliate with the brands, artists, and businesses they care about. These guidelines are not intended to serve as legal advice and adherence to these guidelines does

If I were to start up a car company and put a sticker in the truck that read:"We feel that the safest way for our customers to be in an accident is to not be in the car at all when it happens. Therefore we've replaced all of our airbags with ejection seats which will remove you from the immediate vicinity of the accident upon collision. It is the responsibility of the customer to land safely there-after"

No, I totally agree with you. My post was more tongue-in-cheek than anything. I don't use facebook, because back when it first came out I felt that such a free service was hiding something, and the only real possibility was data-mining (at the time, I seriously thought that I coined that phrase 'data-mining'). I was asked by so many friends "Why don't you get on facebook?" and I always told them that I didn't want to be used for data-mining. They'd laugh, and tell me that I needed a tinfoil hat.

If I were to start up a car company and put a sticker in the truck that read:"We feel that the safest way for our customers to be in an accident is to not be in the car at all when it happens. Therefore we've replaced all of our airbags with ejection seats which will remove you from the immediate vicinity of the accident upon collision. It is the responsibility of the customer to land safely there-after"

facebook can call private messages "vegetables" if the ToS says they can. If the ToS has wording along the lines of, "we may share the contents of your private messages with third parties in order to better target advertising", then there is nothing you can do to stop them from sharing your "private" messages on facebook.

No. is not that simple, otherwise there wouldn't be a lawsuit (hence the point of the original post). There are lots of things you can't put or do in a contract no matter who, what, and how it gets signed (and these can include ToS). We'll see what happens.

People always act surprised when they find out social media or similar services mine, distribute and sell their data. People fail to realize that the ToS legally allows these companies to do whatever they want with it (except for violating certain laws). Unfortunately, we live in a society where the instantaneous gratification of signing up for these services means people don't take the time to read these ToS. Let's be honest, who has ever taken the time (myself included) to read the Tos, EULA, etc of a pro

Unfortunately, we live in a society where the instantaneous gratification of signing up for these services means people don't take the time to read these ToS. Let's be honest, who has ever taken the time (myself included) to read the Tos, EULA, etc of a product or service.

Are you kidding me? IT has nothing to do with instant gratification at all. If I read the EULA or ToS for every single event I went to, for every piece of software I used, or for every online service I had to use for one reason or another, I would never get past boot up on my computer. The ToS on the operating system alone are typically 80+ pages of legalese that mean absolutely nothing to most people. When I bought my house, I read the entire mortgage contract from start to finish. It was 15 pages of l

The brave new world is sorting out what companies, services, and communication mediums are subject to Common Carrier [wikipedia.org] regulations. If Facebook is a common carrier, then there should be some expectation of privacy. If not, then not.

Facebook (and many service providers) are currently and deliberately in a gray zone. If they are not common carriers then they can do whatever they please with the goods (electrons, bits) that they transport because it is their own private property once you hand it to them; per

If anyone is interested in the common carrier argument, I urge them to read the following as it relates to being able to treat your residential ISP as a 'common carrier' (so that for instance one could host their own server running an open source or commercial solution that provides an alternate to facebook messaging).

While you are allowing us to use the information we receive about you, you always own all of your information. Your trust is important to us, which is why we don't share information we receive about you with others unless we have:

received your permission;

given you notice, such as by telling you about it in this policy; or

removed your name and any other personally identifying information from it.

Most of the discussion so far seems to centre around if Facebook should be allowed to scan your messages. To me the more serious question is that according to the allegations, that Facebook will follow any links in your "private message" and if there is a Facebook like button, it will press it for you. Pages 14 and 15 of the complaint show an experiment where a private page (i.e. a page with no links into it)
with a Facebook like button was created and a link was sent, and the like button was generated by

There ain't no such thing as a free lunch: In the 1800s in the western United States, many taverns would offer free lunches. The catch was that while the lunch was free, the beer was not. Even today, you'll see tavern and pub food offerings being the saltiest, greasiest food possible- an outgrowth of the free lunch menus, designed to make you thirsty so that you'll buy more beer. In downtown Portland, OR, a teetotaler millionaire decided to fight back- Samuel Benson. He did so by creating Skidmore Fountain and the "Benson Bubblers"- free water fountains that can still be seen in downtown Portland- which ended the free lunch craze there.

So yes, it is *exactly* like a free lunch- give them the lunch, make them pay for the drinks.